Department of Treasury, Financial Crimes Network (FinCEN)

As a Prime Contractor, iBS supported FinCEN during Phase IV of the Certification and Accreditation process utilizing the NIST SP800-37, Guide for the Security Certification and Accreditation of Federal Information Systems and providing annual self-assessments using NIST SP800-26, Security Self-Assessment Guide for Information Technology Systems mandated by FISMA.

• Principal consultant to DAA on all matters involving the security of FinCEN information systems
• Independent Verification and Validation (IV&V) of information systems to ensure compliance with Executive Orders (PD-63), Federal Legislature (FISMA/OMB), and Treasury Directives
• Reviewing Data Call and FISMA reports for annual FISMA compliance reporting
• Four Phase Certification and Accreditation (C&A) support for ensuring system accreditation at initial operating capability every 3 years, or upon major changes
• Consultation with DAA for recommending accreditation decisions
•Review and update of System Security Plans annually or as necessary
• Verifying security risk ratings for major and minor applications and general support system
• Member of the FinCEN Configuration Control Board overseeing Security Change Management
• Development of IA and IT security policies and guidelines for systems and networks
• Conducting on-site web-based IT Security Awareness and Training
• Security Testing and Evaluation, internal Vulnerability Assessments and Penetration Testing annually or when significant changes are made
• Security planning involving the review and validation of security requirements for Statements of Work requiring contractor support
• Product Assurance for ensuring the acquisition and appropriate implementation of Treasury preferred (i.e., NIST, NSA, International Common Criteria) evaluated or validated COTS IA and IA-enabled IT products
• Liaison to FBI and U.S. Secret Service for investing cause and impact of reported security incidents affecting FinCEN systems